<?php

/**
 * This is the PHP OpenID library by JanRain, Inc.
 *
 * This module contains core utility functionality used by the
 * library.  See Consumer.php and Server.php for the consumer and
 * server implementations.
 *
 * PHP versions 4 and 5
 *
 * LICENSE: See the COPYING file included in this distribution.
 *
 * @package OpenID
 * @author JanRain, Inc. <openid@janrain.com>
 * @copyright 2005-2008 Janrain, Inc.
 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
 */

// Do not allow direct access
defined( '_JEXEC' ) or die( 'Restricted access' );

/**
 * The library version string
 */
define('Auth_OpenID_VERSION', '2.1.2');

/**
 * Require the fetcher code.
 */
require_once "Auth/Yadis/PlainHTTPFetcher.php";
require_once "Auth/Yadis/ParanoidHTTPFetcher.php";
require_once "Auth/OpenID/BigMath.php";
require_once "Auth/OpenID/URINorm.php";

/**
 * Status code returned by the server when the only option is to show
 * an error page, since we do not have enough information to redirect
 * back to the consumer. The associated value is an error message that
 * should be displayed on an HTML error page.
 *
 * @see Auth_OpenID_Server
 */
define('Auth_OpenID_LOCAL_ERROR', 'local_error');

/**
 * Status code returned when there is an error to return in key-value
 * form to the consumer. The caller should return a 400 Bad Request
 * response with content-type text/plain and the value as the body.
 *
 * @see Auth_OpenID_Server
 */
define('Auth_OpenID_REMOTE_ERROR', 'remote_error');

/**
 * Status code returned when there is a key-value form OK response to
 * the consumer. The value associated with this code is the
 * response. The caller should return a 200 OK response with
 * content-type text/plain and the value as the body.
 *
 * @see Auth_OpenID_Server
 */
define('Auth_OpenID_REMOTE_OK', 'remote_ok');

/**
 * Status code returned when there is a redirect back to the
 * consumer. The value is the URL to redirect back to. The caller
 * should return a 302 Found redirect with a Location: header
 * containing the URL.
 *
 * @see Auth_OpenID_Server
 */
define('Auth_OpenID_REDIRECT', 'redirect');

/**
 * Status code returned when the caller needs to authenticate the
 * user. The associated value is a {@link Auth_OpenID_ServerRequest}
 * object that can be used to complete the authentication. If the user
 * has taken some authentication action, use the retry() method of the
 * {@link Auth_OpenID_ServerRequest} object to complete the request.
 *
 * @see Auth_OpenID_Server
 */
define('Auth_OpenID_DO_AUTH', 'do_auth');

/**
 * Status code returned when there were no OpenID arguments
 * passed. This code indicates that the caller should return a 200 OK
 * response and display an HTML page that says that this is an OpenID
 * server endpoint.
 *
 * @see Auth_OpenID_Server
 */
define('Auth_OpenID_DO_ABOUT', 'do_about');

/**
 * Defines for regexes and format checking.
 */
define('Auth_OpenID_letters',
	   "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");

define('Auth_OpenID_digits',
	   "0123456789");

define('Auth_OpenID_punct',
	   "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~");

if (Auth_OpenID_getMathLib() === null) {
	Auth_OpenID_setNoMathSupport();
}

/**
 * The OpenID utility function class.
 *
 * @package OpenID
 * @access private
 */
class Auth_OpenID {

	/**
	 * Return true if $thing is an Auth_OpenID_FailureResponse object;
	 * false if not.
	 *
	 * @access private
	 */
	function isFailure($thing)
	{
		return is_a($thing, 'Auth_OpenID_FailureResponse');
	}

	/**
	 * Gets the query data from the server environment based on the
	 * request method used.  If GET was used, this looks at
	 * $_SERVER['QUERY_STRING'] directly.  If POST was used, this
	 * fetches data from the special php://input file stream.
	 *
	 * Returns an associative array of the query arguments.
	 *
	 * Skips invalid key/value pairs (i.e. keys with no '=value'
	 * portion).
	 *
	 * Returns an empty array if neither GET nor POST was used, or if
	 * POST was used but php://input cannot be opened.
	 *
	 * @access private
	 */
	function getQuery($query_str=null)
	{
		$data = array();

		if ($query_str !== null) {
			$data = Auth_OpenID::params_from_string($query_str);
		} else if (!array_key_exists('REQUEST_METHOD', $_SERVER)) {
			// Do nothing.
		} else {
		  // XXX HACK FIXME HORRIBLE.
		  //
		  // POSTing to a URL with query parameters is acceptable, but
		  // we don't have a clean way to distinguish those parameters
		  // when we need to do things like return_to verification
		  // which only want to look at one kind of parameter.  We're
		  // going to emulate the behavior of some other environments
		  // by defaulting to GET and overwriting with POST if POST
		  // data is available.
		  $data = Auth_OpenID::params_from_string($_SERVER['QUERY_STRING']);

		  if ($_SERVER['REQUEST_METHOD'] == 'POST') {
			$str = file_get_contents('php://input');

			if ($str === false) {
			  $post = array();
			} else {
			  $post = Auth_OpenID::params_from_string($str);
			}

			$data = array_merge($data, $post);
		  }
		}

		return $data;
	}

	function params_from_string($str)
	{
		$chunks = explode("&", $str);

		$data = array();
		foreach ($chunks as $chunk) {
			$parts = explode("=", $chunk, 2);

			if (count($parts) != 2) {
				continue;
			}

			list($k, $v) = $parts;
			$data[$k] = urldecode($v);
		}

		return $data;
	}

	/**
	 * Create dir_name as a directory if it does not exist. If it
	 * exists, make sure that it is, in fact, a directory.  Returns
	 * true if the operation succeeded; false if not.
	 *
	 * @access private
	 */
	function ensureDir($dir_name)
	{
		if (is_dir($dir_name) || @mkdir($dir_name)) {
			return true;
		} else {
			$parent_dir = dirname($dir_name);

			// Terminal case; there is no parent directory to create.
			if ($parent_dir == $dir_name) {
				return true;
			}

			return (Auth_OpenID::ensureDir($parent_dir) && @mkdir($dir_name));
		}
	}

	/**
	 * Adds a string prefix to all values of an array.  Returns a new
	 * array containing the prefixed values.
	 *
	 * @access private
	 */
	function addPrefix($values, $prefix)
	{
		$new_values = array();
		foreach ($values as $s) {
			$new_values[] = $prefix . $s;
		}
		return $new_values;
	}

	/**
	 * Convenience function for getting array values.  Given an array
	 * $arr and a key $key, get the corresponding value from the array
	 * or return $default if the key is absent.
	 *
	 * @access private
	 */
	function arrayGet($arr, $key, $fallback = null)
	{
		if (is_array($arr)) {
			if (array_key_exists($key, $arr)) {
				return $arr[$key];
			} else {
				return $fallback;
			}
		} else {
			trigger_error("Auth_OpenID::arrayGet (key = ".$key.") expected " .
						  "array as first parameter, got " .
						  gettype($arr), E_USER_WARNING);

			return false;
		}
	}

	/**
	 * Replacement for PHP's broken parse_str.
	 */
	function parse_str($query)
	{
		if ($query === null) {
			return null;
		}

		$parts = explode('&', $query);

		$new_parts = array();
		for ($i = 0; $i < count($parts); $i++) {
			$pair = explode('=', $parts[$i]);

			if (count($pair) != 2) {
				continue;
			}

			list($key, $value) = $pair;
			$new_parts[$key] = urldecode($value);
		}

		return $new_parts;
	}

	/**
	 * Implements the PHP 5 'http_build_query' functionality.
	 *
	 * @access private
	 * @param array $data Either an array key/value pairs or an array
	 * of arrays, each of which holding two values: a key and a value,
	 * sequentially.
	 * @return string $result The result of url-encoding the key/value
	 * pairs from $data into a URL query string
	 * (e.g. "username=bob&id=56").
	 */
	function httpBuildQuery($data)
	{
		$pairs = array();
		foreach ($data as $key => $value) {
			if (is_array($value)) {
				$pairs[] = urlencode($value[0])."=".urlencode($value[1]);
			} else {
				$pairs[] = urlencode($key)."=".urlencode($value);
			}
		}
		return implode("&", $pairs);
	}

	/**
	 * "Appends" query arguments onto a URL.  The URL may or may not
	 * already have arguments (following a question mark).
	 *
	 * @access private
	 * @param string $url A URL, which may or may not already have
	 * arguments.
	 * @param array $args Either an array key/value pairs or an array of
	 * arrays, each of which holding two values: a key and a value,
	 * sequentially.  If $args is an ordinary key/value array, the
	 * parameters will be added to the URL in sorted alphabetical order;
	 * if $args is an array of arrays, their order will be preserved.
	 * @return string $url The original URL with the new parameters added.
	 *
	 */
	function appendArgs($url, $args)
	{
		if (count($args) == 0) {
			return $url;
		}

		// Non-empty array; if it is an array of arrays, use
		// multisort; otherwise use sort.
		if (array_key_exists(0, $args) &&
			is_array($args[0])) {
			// Do nothing here.
		} else {
			$keys = array_keys($args);
			sort($keys);
			$new_args = array();
			foreach ($keys as $key) {
				$new_args[] = array($key, $args[$key]);
			}
			$args = $new_args;
		}

		$sep = '?';
		if (strpos($url, '?') !== false) {
			$sep = '&';
		}

		return $url . $sep . Auth_OpenID::httpBuildQuery($args);
	}

	/**
	 * Implements python's urlunparse, which is not available in PHP.
	 * Given the specified components of a URL, this function rebuilds
	 * and returns the URL.
	 *
	 * @access private
	 * @param string $scheme The scheme (e.g. 'http').  Defaults to 'http'.
	 * @param string $host The host.  Required.
	 * @param string $port The port.
	 * @param string $path The path.
	 * @param string $query The query.
	 * @param string $fragment The fragment.
	 * @return string $url The URL resulting from assembling the
	 * specified components.
	 */
	function urlunparse($scheme, $host, $port = null, $path = '/',
						$query = '', $fragment = '')
	{

		if (!$scheme) {
			$scheme = 'http';
		}

		if (!$host) {
			return false;
		}

		if (!$path) {
			$path = '';
		}

		$result = $scheme . "://" . $host;

		if ($port) {
			$result .= ":" . $port;
		}

		$result .= $path;

		if ($query) {
			$result .= "?" . $query;
		}

		if ($fragment) {
			$result .= "#" . $fragment;
		}

		return $result;
	}

	/**
	 * Given a URL, this "normalizes" it by adding a trailing slash
	 * and / or a leading http:// scheme where necessary.  Returns
	 * null if the original URL is malformed and cannot be normalized.
	 *
	 * @access private
	 * @param string $url The URL to be normalized.
	 * @return mixed $new_url The URL after normalization, or null if
	 * $url was malformed.
	 */
	function normalizeUrl($url)
	{
		@$parsed = parse_url($url);

		if (!$parsed) {
			return null;
		}

		if (isset($parsed['scheme']) &&
			isset($parsed['host'])) {
			$scheme = strtolower($parsed['scheme']);
			if (!in_array($scheme, array('http', 'https'))) {
				return null;
			}
		} else {
			$url = 'http://' . $url;
		}

		$normalized = Auth_OpenID_urinorm($url);
		if ($normalized === null) {
			return null;
		}
		list($defragged, $frag) = Auth_OpenID::urldefrag($normalized);
		return $defragged;
	}

	/**
	 * Replacement (wrapper) for PHP's intval() because it's broken.
	 *
	 * @access private
	 */
	function intval($value)
	{
		$re = "/^\\d+$/";

		if (!preg_match($re, $value)) {
			return false;
		}

		return intval($value);
	}

	/**
	 * Count the number of bytes in a string independently of
	 * multibyte support conditions.
	 *
	 * @param string $str The string of bytes to count.
	 * @return int The number of bytes in $str.
	 */
	function bytes($str)
	{
		return strlen(bin2hex($str)) / 2;
	}

	/**
	 * Get the bytes in a string independently of multibyte support
	 * conditions.
	 */
	function toBytes($str)
	{
		$hex = bin2hex($str);

		if (!$hex) {
			return array();
		}

		$b = array();
		for ($i = 0; $i < strlen($hex); $i += 2) {
			$b[] = chr(base_convert(substr($hex, $i, 2), 16, 10));
		}

		return $b;
	}

	function urldefrag($url)
	{
		$parts = explode("#", $url, 2);

		if (count($parts) == 1) {
			return array($parts[0], "");
		} else {
			return $parts;
		}
	}

	function filter($callback, &$sequence)
	{
		$result = array();

		foreach ($sequence as $item) {
			if (call_user_func_array($callback, array($item))) {
				$result[] = $item;
			}
		}

		return $result;
	}

	function update(&$dest, &$src)
	{
		foreach ($src as $k => $v) {
			$dest[$k] = $v;
		}
	}

	/**
	 * Wrap PHP's standard error_log functionality.  Use this to
	 * perform all logging. It will interpolate any additional
	 * arguments into the format string before logging.
	 *
	 * @param string $format_string The sprintf format for the message
	 */
	function log($format_string)
	{
		$args = func_get_args();
		$message = call_user_func_array('sprintf', $args);
		error_log($message);
	}

	function autoSubmitHTML($form, $title="OpenId transaction in progress")
	{
		return("<html>".
			   "<head><title>".
			   $title .
			   "</title></head>".
			   "<body onload='document.forms[0].submit();'>".
			   $form .
			   "<script>".
			   "var elements = document.forms[0].elements;".
			   "for (var i = 0; i < elements.length; i++) {".
			   "  elements[i].style.display = \"none\";".
			   "}".
			   "</script>".
			   "</body>".
			   "</html>");
	}
}
?>
